At the conclusion of the assessment, Privasec will provide a set of recommendations on how to address any identified gaps against APRA CPS 234.
Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents provides a prioritised list of mitigation strategies to assist organisations in protecting their systems and their crown jewels against a range of adversaries. The mitigation strategies advised by ACSC vary and can be customised based on the risk profile, the industry sector and the adversaries the organisation is most concerned with.
The Council of Financial Regulators (CFR) released a framework in December 2020 that
is used to build red team scenarios to test the level of Australian financial services industry’s cyber resilience.
The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that will mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. Read more to understand how the CORIE framework could help Financial Institutions (FI) stay competitive and secure by leveraging an unbiased view, and by third-party providers mimicking real-world Advanced Persistent Threats (APTs).
A new framework by the Council of Financial Regulators requires APRA-regulated financial institutions to attack themselves in a bid to uplift their cyber preparedness, as APRA orders urgent audits against CPS 234.
The #CORIE framework that has been launched will require banks, super funds and other financial institutions to organize independent red team attack simulations.
Congratulations to our Senior Consultant David Roccasalva, for his discovery and responsible disclosure of a MFA Authentication Bypass vulnerability on VMWare Horizon DaaS (9.x, 8.x and 7.x) for VMware earlier this year.
VMWare Horizon DaaS (Desktop as a Service) is a remote desktop and application service used by organisations for working remotely on applications, which is depended by many during the remote work situation as a result of COVID-19.